If your server is behind NAT (i.e. it has "local" address(es) only but it still receives traffic directly from the internet) but you have more than one machine on this network (so binding to 127.0.0.1 is not an option), then blocking all but local traffic using your firewall will be the way to go.

Note that this puts the DROP rule in as the first rule and then puts the ACCEPT rule in before that. There is probably a much better way of doing this using whatever method you use to save your firewall rules. (Probably iptables-save and iptables-restore.)
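The insert ordering described above, as an added example that is not part of the original post: it builds the two `iptables -I INPUT 1` commands and works out the order the chain ends up in, without touching the live firewall. The port `8080`, the subnet `192.168.0.0/24`, the TCP protocol and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; dry run only, no iptables command is executed.
# PORT and LAN_CIDR are constructed placeholder values (assumptions):
# substitute the service port and the local subnet of your own network.
PORT="${PORT:-8080}"
LAN_CIDR="${LAN_CIDR:-192.168.0.0/24}"

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the two commands in the order they would be typed:
# the DROP first, then the ACCEPT, both inserted at position 1.
insert_cmds() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    printf 'iptables -I INPUT 1 -p tcp --dport %s -j DROP\n' "$1"
    printf 'iptables -I INPUT 1 -p tcp -s %s --dport %s -j ACCEPT\n' "$2" "$1"
}

# Model "-I INPUT 1": each new rule is placed in front of the rules
# inserted before it, so the rule typed last is evaluated first.
final_order() {
    chain=""
    while IFS= read -r line; do
        chain="${line#iptables -I INPUT 1 }
$chain"
    done
    printf '%s' "$chain"
}

echo "# Commands as typed:"
insert_cmds "$PORT" "$LAN_CIDR"
echo "# Resulting order at the top of INPUT (first match wins):"
insert_cmds "$PORT" "$LAN_CIDR" | final_order
```

Because the first matching rule decides, the ACCEPT for the local subnet has to end up above the DROP; typing the two inserts in the opposite order would drop local traffic as well.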